A personal firewall with location dependent functionality 



Field of the Invention 

[0001] The present invention relates to network security and, more 
particularly, to personal firewalls. 

Background of the Invention 

[0002] Traditionally, a firewall is considered as a set of components 
forming a gateway between two or more networks. Thus, a firewall has been a 
gateway which operates at the same time as a connector and a separator 
between the networks in a sense that the firewall keeps track of the traffic that 
passes through it from one network to another and restricts connections and 
packets that are defined as unwanted by the administrator of the system. 
Physically a firewall is a machine with appropriate software to do the tasks as- 
signed to it. It can be a router, a personal computer (PC), or any other device 
that can be used for such purposes. Although firewalls are mostly used to 
connect Local Area Networks (LANs), i.e. internal networks, to the Internet and 
to protect against attackers or undesired traffic in general, they may also be 
used to separate and connect different segments of internal network for secu- 
rity purposes. The advantages of having a firewall are numerous. A firewall 
secures the network and can be used as a tool for monitoring the traffic espe- 
cially from the outside to the inside of the network guarded by a firewall. Be- 
cause all traffic intended for the internal network must pass through the 
firewall, most of the network security actions and policies can be concentrated 
in this particular point. This is of course a cost and administrative advantage. 

[0003] Nowadays, laptop computers and other portable computer 
devices are widely used. While outside the internal network, the laptop cannot 
benefit from the protection provided by the conventional "gateway-type" 
firewall. Therefore, approaches to improve security of a client located in a 
foreign network (a public network or an internal network of a foreign 
organisation) have been proposed. These approaches are based on protecting 
the laptop itself by means of a local security mechanism, called a personal 
firewall herein, installed in the laptop (in addition to or instead of a firewall in 
an internal network, which protects the computers connected to the internal 
network). The personal firewall may be implemented as software installed in 
the computer device, or as a separate electronic device connected to the 
computer device. 
[0004] European patent application EP 0 952 715 discloses a 
firewall security device connected to an external communication port of a 
computer device. The incoming communications stream to the computer de- 
vice from e.g. public networks is passed through the firewall security device. 
The firewall device applies standard security measures, thereby protecting the 
computer device. 

[0005] There is a particular need for such protection by means of a 
personal firewall if the laptop is allowed to have a remote access, e.g. make a 
VPN (Virtual Private Network) connection to company network while being 
connected to a foreign network. In order to improve security of the VPN con- 
nections, one prior art solution is to enforce a protection level of a laptop, 
when a VPN tunnel to a company network is created. This means for example 
that, during a VPN connection, the IP address forwarding is not allowed, or 
that any connection attempts to the laptop are denied. 

[0006] Clearly this is not enough, since the laptop must be pro- 
tected as soon as it is connected to a foreign network, not only during a VPN 
connection. The laptops are often used by non-technical people, which in- 
creases the risk of overlooking security aspects. Laptops contain sensitive 
material, such as customer emails. If a laptop is unprotected, when connected 
to a foreign network, even for a short period of time, there is a risk of getting 
infected by a hostile application. Such an application can be activated later, when 
the laptop is connected to an internal network, and offer inside help for attacks. 

[0007] Thus, there is a need to protect the laptop by means of a 
personal firewall always when the laptop is connected to a foreign network. 
However, when the laptop is connected to a company internal network, such 
personal firewall may unduly prevent some essential traffic. For example, the 
personal firewall should allow use of a laptop at home (internal) network and 
access to all services, such as disk-share. In a home network even non-IP 
protocols are sometimes used. Therefore, it is not feasible to have a personal 
firewall running at all times, at least not with the same configuration, since the 
protection needs in an internal network are different from those in a foreign 
network. 

[0008] Some of the current solutions allow changing the set of rules 
used in the personal firewall, that is, they allow the user of the laptop to use 
different rule sets when connected to the internal network and when connected to a foreign network. However, this is a manual operation. Since manual action is required, there is a high risk that the operation is not done. The risk is 
even higher if the end user does not fully understand the need of a firewall. 

Summary of the Invention 

[0009] An object of the invention is to improve the security and 
flexibility of a personal firewall. 

[0010] A computer device which can be connected to a home network (such as an internal network of a company or other organisation where 
the user is employed) and to a foreign network (such as a public network or an 
internal network of a foreign organisation) is provided with a local security 
mechanism, called a personal firewall herein, for protecting the computer de- 
vice from attacks from a foreign network, in addition to or instead of a firewall 
in the internal network which protects the computer when connected to the in- 
ternal network. The personal firewall is provided with different sets of security 
rules, at least one set of rules for the home network and at least one set of 
rules for foreign networks. In its simplest form, the set of rules for the home 
network contains no restrictions for the communication or use of service in the 
home network. The personal firewall is arranged to detect its current location, 
i.e. to determine the network to which it is connected at each particular mo- 
ment. The personal firewall activates one of the given sets of security rules 
according to the detected current location of the computer device, i.e. the per- 
sonal firewall automatically uses the security rules predefined for the network 
to which the computer device is connected at each particular moment. Upon 
detecting a change in the location, the personal firewall immediately adapts to 
use security rules predefined for the new location. A benefit of the invention is 
that the protection of a personal firewall is always enabled at the correct level, 
depending on the current location. On the other hand, when the computer de- 
vice is located in the home network, a lower level of protection, or no protec- 
tion at all, can be automatically provided by the personal firewall, so that the 
communication and services are not unduly restricted in the home network. 
Thus, the automated location-dependent management of different sets of rules 
offers optimal protection in different networks, while not unduly restricting op- 
eration in the home network. 

First Filing Patent Application of SYVANNE, atty. dkt. 284125 

[0011] The current location of the computer device is preferably determined on the basis of a currently used IP address of the computer device. This is based on the common practice that a computer device has a different IP address, either a fixed address or a dynamic address, in different networks. The IP address can thereby be utilized for identifying the current network and the location of the computer device. 

[0012] However, there are situations where the IP address fails to 
indicate current location of the computer device. Therefore, in an embodiment 
of the invention, the current location determined on the basis of the current IP 
address of the computer device is verified by carrying out an additional loca- 
tion verification procedure with a predetermined network element. In a still 
further embodiment of the invention, availability of said predetermined network 
element related to the current IP address is checked. The predetermined network element is such that it responds only if the computer device is located in the network in which it is assumed to be on the basis of the current IP address. If the predetermined network element responds and identifies itself properly, the current location determined based on the current IP address is considered to be verified. Otherwise the computer device determines that the current IP address fails to indicate the current location of the computer device. 
The additional verification process makes it even possible to automatically 
create a secured tunnel, such as a VPN tunnel to a home network even if the 
computer device uses the same IP address in the current location as in the 
internal (home) network. The present invention offers benefits even with stand 
alone personal firewalls wherein the security rules can be defined locally by 
the user, although the use of these rules is automated and location-depen- 
dent. However, more advantages are achieved when the basic invention is 
used with a central management of personal firewalls. 

[0013] According to an aspect of the invention, security rules are 
defined, updated and distributed centrally by a centralized rule-based server. 
Especially the updating of the rules is challenging, because the rule updates 
must be applied as soon as possible, and therefore the process of updating 
rules in the personal firewalls must be automated. Updating of rules by push 
method from the centralized rule base server is not a sufficient option in this 
case. Use of DHCP (Dynamic Host Configuration Protocol), frequent travelling 
and the fact that at times the laptop may not be connected to any network 
makes it next to impossible for the centralized management to initiate contacts 
with the personal firewalls in the computer devices, because there is no way 
for the centralized management to know the IP address the computer device is 
using at a given moment. Therefore, according to an aspect of the invention, 
the personal firewall is configured to periodically query the availability of updated security rules from the centralized management. The queries should 
only be made, while the computer device is located in the home network, or 
optionally, when the computer device has a remote access (e.g. VPN con- 
nection) to the home network while being located in a foreign network. In other 
words, also the updating process is dependent on the current location of the 
computer device in a similar manner as the selection of the active rules, and 
similar methods can be utilized for determining the current location. 

[0014] According to another aspect of the invention, log files containing information on the status and usage of resources of the computer device 
are handled in a centralized management location. This enables personnel 
aware of security aspects to verify whether there have been any attacks 
against the computer device or not. To that end, the personal firewall sends 
the log files to the central management, such as to a centralized log server, 
when the computer device is located in the home network. However, when the 
computer device is disconnected from the home network, the log files are col- 
lected and stored locally in the firewall. In order to enable central handling of 
the log files, the personal firewall transfers the collected log files to the central 
log server when such is available. This is performed automatically, whenever 
the computer device is located in, or optionally, connected to the home net- 
work. Again, the handling of the log files in the personal firewall is automated 
and location dependent in a way similar to the selection of active rules, and 
similar methods can be used for determining the current location of the com- 
puter device. 
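As an added example (not code from the application), the location-dependent handling of rule updates ([0013]) and log files ([0014]) modelled as a small client state machine in Python. The central server calls (fetch_rules, upload_logs) are injected callbacks and the log lines are constructed, so the walk-through runs offline; the scenario moves the laptop abroad, buffers logs locally, then opens a VPN to the home network and flushes them.

```python
"""Location-dependent rule updates and log handling (added example)."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class CentralManagementClient:
    """Personal-firewall side of the central management link. Server access is
    injected (assumed interface, not the application's) so it can run offline."""
    fetch_rules: Callable[[int], Optional[dict]]  # newer rules than version, or None
    upload_logs: Callable[[List[str]], bool]      # True when the log server accepted them
    rules_version: int = 0
    location: str = "unknown"
    vpn_up: bool = False
    pending_logs: List[str] = field(default_factory=list)

    def home_reachable(self) -> bool:
        # [0013]/[0014]: central management is contacted only from the home
        # network, or optionally over a VPN tunnel to it from a foreign network.
        return self.location == "home" or self.vpn_up

    def on_location_change(self, location: str, vpn_up: bool = False) -> None:
        """Same trigger as the rule base selection: a detected location change."""
        self.location, self.vpn_up = location, vpn_up
        self.flush_logs()
        self.poll_rule_updates()

    def log(self, line: str) -> None:
        """Logs are always collected locally first ([0014])."""
        self.pending_logs.append(line)
        self.flush_logs()

    def flush_logs(self) -> int:
        """Transfer collected logs to the central log server when it is reachable;
        returns the number of lines handed over (0 when kept locally)."""
        if not self.pending_logs or not self.home_reachable():
            return 0
        batch, self.pending_logs = self.pending_logs, []
        if not self.upload_logs(batch):
            # Server refused or unreachable: keep the batch for the next attempt.
            self.pending_logs = batch + self.pending_logs
            return 0
        return len(batch)

    def poll_rule_updates(self) -> bool:
        """Periodic pull query ([0013]): the server cannot push to a roaming DHCP
        address, and the query is skipped entirely outside the home network."""
        if not self.home_reachable():
            return False
        update = self.fetch_rules(self.rules_version)
        if update is None or update["version"] <= self.rules_version:
            return False
        self.rules_version = update["version"]
        return True


def run_scenario() -> dict:
    """Constructed walk-through with a fake server holding rules version 2."""
    server_rules = {"version": 2}
    uploaded: List[str] = []

    def fetch_rules(have: int) -> Optional[dict]:
        return server_rules if server_rules["version"] > have else None

    def upload_logs(batch: List[str]) -> bool:
        uploaded.extend(batch)
        return True

    client = CentralManagementClient(fetch_rules, upload_logs)
    client.on_location_change("foreign")
    # Constructed log lines, as the personal firewall might record them abroad.
    client.log("DROP tcp 203.0.113.9:4444 -> 192.168.7.9:445")
    client.log("DROP udp 203.0.113.9:137 -> 192.168.7.9:137")
    buffered_abroad = len(client.pending_logs)      # kept locally: 2
    updated_abroad = client.poll_rule_updates()     # no query abroad: False
    client.on_location_change("foreign", vpn_up=True)  # VPN to home: flush + update
    return {
        "buffered_abroad": buffered_abroad,
        "updated_abroad": updated_abroad,
        "uploaded": len(uploaded),
        "rules_version": client.rules_version,
        "pending": len(client.pending_logs),
    }


if __name__ == "__main__":
    print(run_scenario())
```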

[0015] The present invention allows use of a computer device in a 
home (internal) network and access to all services, such as disc-share, and 
even use of non-IP protocols, which are often denied in foreign networks. 

Brief description of the drawings 

[0016] Preferred embodiments of the invention will now be de- 
scribed with reference to the attached drawings, in which 

[0017] Figure 1 is a schematic block diagram of an exemplary net- 
work configuration where the present invention can be applied; 

[0018] Figure 2 shows an exemplary protocol stack of a computer 
device containing a personal firewall according to the present invention, 

[0019] Figure 3 illustrates exemplary selection rules and a security 
rule basis, and the association therebetween. 
[0020] Figure 4 is a flow diagram illustrating a location-dependent 
rule base selection according to an embodiment of the invention; 

[0021] Figures 5 and 6 are flow diagrams illustrating the location 
verification procedure according to an embodiment of the invention; 

[0022] Figures 7 and 8 are flow diagrams illustrating the rule base 
updating according to an embodiment of the invention; and 

[0023] Figure 9 is a flow diagram illustrating the handling of log files 
according to an embodiment of the invention. 

Preferred embodiments of the invention 

[0024] The present invention can be applied in personal firewalls in 
any computer device which can be moved and connected to different net- 
works. Typically such devices are portable computer devices, such as laptop 
computers, PDAs, communicators, smart phones, intelligent telecommunication devices, etc. In the following illustrative embodiments of the invention, a 
laptop computer is used as an example of suitable computer devices. 

[0025] Figure 1 shows a schematic block diagram of an exemplary 
network configuration. The configuration is shown only to facilitate the understanding and description of the present invention. The present invention is not intended to be restricted to any particular network configuration. Further, in order to improve clarity, only network elements which are somehow involved with the present invention are shown in Figure 1. 

[0026] As illustrated in Figure 1, private local networks 10 and 13 
are coupled to a public network, such as the Internet 12 via firewalls 5 and 7, 
respectively. Naturally, the coupling between the private networks and the 
public Internet 12 may include also routers and Internet service providers 
(ISPs not shown in Figure 1). As is well known in the art, private networks 10 
and 13 may be, for example, company networks, such as local area networks 
(LANs) which connect users and resources, such as workstations, servers, printers and the like of the company. A private internal network may also consist of several sub-networks separated by internal firewalls. In the exemplary 
network configuration shown in Figure 1, the private company sub-network 11 
is connected via a firewall 6 to the private local network 10. Such a sub-network 11 may be, for example, a dedicated network for a specific department of the organisation, such as the research and development (R&D) department, which must have restrictive access and a higher protection level compared with other parts of the company network. Sub-networks of the company, such as the local networks of organisation headquarters and branch offices, may be interconnected by secure connections, such as a virtual private network (VPN). 

[0027] As already described above, the firewalls 5, 6 and 7 are 
gateways which operate at the same time as connectors and separators be- 
tween the networks in a sense that the firewall keeps track of the traffic that 
passes through it from one network to another and restricts connections and 
packets that are defined as unwanted by the administrator of the system. 
Physically a firewall is a machine with appropriate software to perform the task 
assigned to it. It can be a router, a personal computer (PC), or whatever that 
can be used for such purposes. 

[0028] However, the firewalls between the networks, or the imple- 
mentations thereof, are not relevant to the present invention. 

[0029] The present invention relates to protecting of the computer 
device, e.g. laptop itself, by means of a local security mechanism, called a 
personal firewall herein, installed on the laptop in addition to or instead of a 
firewall in a private network. The personal firewall may be implemented as 
software installed and run in the computer device, which is a preferred embodiment, or as a separate electronic device connected to the computer device. In Figure 1, the laptops 1, 2, 3 and 4 illustrate laptops provided with a 
personal firewall. 

[0030] Figure 2 illustrates the basic principle of a personal firewall 
installed in a laptop. Physical and network layers 200 refer to all protocols and 
physical connections required for transferring protocol data units (PDUs) of the 
upper layers. The upper layers 200 include applications and any transmission 
protocols employed, such as Internet protocol (IP), transmission control protocol (TCP), NetBEUI, IPX, etc. Basically, the personal firewall protection layer 201 operates in a manner analogous to a firewall between networks. More particularly, the personal firewall protection layer 201 operates at the same time 
as a connector and a separator between the underlying layers and the upper 
layer in a sense that the personal firewall keeps track of the traffic that passes 
through it from underlying layers to the upper layers, and vice versa, and re- 
stricts connections and packets that are defined as unwanted according to the 
security rules used. The personal firewall protection layer 201 is implemented or controlled by a personal firewall application 203 run in the laptop. In a preferred embodiment of the invention, the personal firewall application 203 carries out the location detection and the location-dependent functions described 
below, such as the selection of the active rule base according to the current 
location of the laptop. However, it should be appreciated that the present in- 
vention is not intended to be restricted to any specific practical implementation 
of the personal firewall. 

[0031] In accordance with the principles of the present invention, 
the personal firewall has different sets of rules for the home network (such as 
the private company network 10) and foreign network, such as the public 
Internet 12, or the foreign private network 13, or a network of another depart- 
ment of the company. It is not relevant to the present invention what kind of 
security rules are applied, but some examples are given in Figure 3. For ex- 
ample, a rule base 301 for the foreign company network may list as allowed 
connections of protocols: hypertext transfer protocol (http), secured http 
(Https), domain name service (DNS), simple mail transfer protocol (SMTP) and a VPN connection with IPsec. In the preferred embodiment of the invention these rules are exclusive, in other words, other protocols and connections are denied and blocked by the personal firewall. For a default network, which may be the public Internet 12, the rule base 302 is similar to the rule base 301, 
except that the SMTP protocol is no longer allowed. For the home network 10, 
a rule base 300 is defined. The allowed protocols include, in addition to the 
http, https and the SMTP, also other transmission protocols, such as NetBEUI 
and IPX. The rule base 300 also allows a disc-share for predefined servers 
using NetBIOS. Other protocols and connections are denied. It is also possible 
that the rule base 300 allows all protocols and connections in the home net- 
work. Since the home network is protected by a company firewall, the use of a 
personal firewall in the home network may be regarded as unnecessary. How- 
ever, the company firewall gives protection only against attacks from the out- 
side of the home network, and the use of a personal firewall protection may be 
necessary for protecting against attacks from within the home network. 

[0032] The different rule bases could be activated manually by a 
user. However, according to the basic principle of the present invention, the 
personal firewall automatically selects and activates the proper rule base ac- 
cording to the current location of the laptop. 

[0033] Figure 4 is a flow diagram illustrating the selection of the rule 
base according to one embodiment of the present invention. The simplest way 
to determine the current location of the laptop is to do it on the basis of the 
currently used IP address only. This is possible in the cases where the laptop 
has a different IP address, either a fixed or a dynamic address, in different 
networks. As is well known in the art, a part of the IP address identifies the 
network, and can thus be used for detecting the current network of the laptop. 
The personal firewall may, for example, contain information on the IP address 
space of home network, and optionally, foreign networks, or a list of addresses 
available for the laptop in the home network. 

[0034] When the current IP address of the laptop matches a 
given address space or a list of addresses of the home network 10, for exam- 
ple, it can be assumed that the laptop is located in the home network 10 and 
the rule base 300 of the home network 10 is used. Thus, the current IP ad- 
dress is used as a selection rule for activating the rule base 300. However, 
there is some uncertainty in determining the location based on the current IP 
address only, and some approaches to overcome this problem are described 
with reference to further embodiments of the invention below. 

[0035] Referring again to the generic flow diagram shown in Figure 
4, the current IP address of the laptop is firstly determined in the step 401. The 
current IP address may be obtained simply by asking for it from the operating 
system of the laptop by means of using IP configuration routine. The current 
location of the laptop is monitored constantly, and therefore the personal 
firewall may be configured to periodically query the current IP address from the 
operating system. More preferably, the operating system of the laptop may be 
configured to report any changes in the IP address to the personal firewall, 
and therefore the need to query the IP address from time to time can be avoided. 
The step 401 may also include verification of the location determined based on 
the IP address by a verification procedure described below. In step 402, the 
personal firewall compares the current IP address with the current IP address 
stored in the personal firewall. If the IP address has not changed, the present 
active rule base can be maintained. However, if the IP address has changed, 
the personal firewall checks whether the new IP address matches any IP 
address space or IP address belonging to one of the networks on the selection 
rule list in the personal firewall (step 403). If the new IP address does not 
belong to any of the networks on the selection rule list, the personal firewall 
considers the current network an unidentified network, and a default rule base 
302 is selected (step 404). If the network cannot be identified and the default 
rule base must be used, it is normally assumed that the laptop is in a potentially hostile environment, most likely in the public Internet 12. Therefore, the 
default rule base is typically defined to provide the maximum protection 
needed. If the new IP address belongs to one of the networks defined on the 
selection rule list in step 403, it means that the network has been identified 
and a rule base linked to the identified network (or the corresponding selection 
rule) is selected and activated (step 405). In the simplest implementation, the 
selection rules include only the home network of the laptop and the corresponding IP address space or list of addresses. If the current IP address belongs to the home network, the rule base 300 of the home network 10 is used. Otherwise the rule base 310 for a foreign network or the default rule base 
302 is used. In a more complicated implementation, there are selection rules 
(i.e. IP addresses and associated rule bases) also for at least one foreign net- 
work and/or different segments of the home network 10. 

[0036] In the examples described above there are two or more rule 
bases which are enabled or disabled on the basis of the current location of the 
laptop. However, there are also alternative ways to implement different rule 
bases. One alternative is to provide only one rule base in which the rules are 
enabled and disabled in different combinations on the basis of the current lo- 
cation of the laptop. 

[0037] As noted above, there are situations where the location (the 
current network) determined on the basis of the current IP address is uncer- 
tain, i.e. the IP address fails to indicate the current location of the laptop. If the 
IP address does not match the current network, use of the Internet protocol 
(IP) to attack against the laptop is not likely, and one may reason that in that 
case a personal firewall does not need to be used. However, there is still a 
possibility that there is an attack using other protocols, such as NetBEUI or IPX. 
By detecting the situation where the IP address of the laptop is not an IP ad- 
dress of the current network, it is possible to block such protocols while in for- 
eign networks. Further, NAT (network address translation) and private IP ad- 
dresses are frequently used. This means that the same IP address is in use in 
several networks. In that case it is not enough to trust IP address information 
only when determining the location of the laptop. It is even possible that while 
being connected to a hostile network, the DHCP (dynamic host configuration 
protocol) gives familiar IP address to make it easier to attack the laptop. Basi- 
cally, the DHCP enables individual computers on a network to connect to a 
DHCP server, such as the server 9 in Figure 1, and be assigned a dynamic IP 
address of the current network. 

[0038] Thus, according to an aspect of the invention, in addition to 
the detection of location based on the current IP address described above, a 
further location verification procedure is carried out with a predetermined network element, which is preferably reachable only from the location to be verified. More generally, the network element is selected in such a way that it responds to the verification request only if the request originates from the location (i.e. the network) to be verified. Preferably, the specific network element is 
provided with a location verification service supporting the verification accord- 
ing to the invention. The verification procedure requires that the verification 
method be specified for the personal firewall, preferably at the same time as 
the different locations are specified. In other words, the methods to verify the 
location are specified for the personal firewall in the initial configuration, for 
example. It is also possible that the verification methods are updated or 
changed by means of the updating procedure described below, in a manner 
similar to other security rules. 

[0039] A generic location verification procedure according to one 
embodiment of the invention is described with reference to Figures 5 and 6. 
Firstly, the current location is determined on the basis of the currently used IP 
address as described above (step 501). Next, the personal firewall selects a 
predetermined network element that should be available for verification from 
the determined current location (step 502). Then the personal firewall sends to 
the selected network element a request to send a response with some data 
proving the identity of the network element (step 503). Referring now to Figure 
6, the verifying network element receives the verification request (step 601) 
from a personal firewall. Then, either always in response to the verification re- 
quest or only if predetermined requirements are met, the network element 
sends the response with the required identity data to the personal firewall 
(step 602). Referring again to Figure 5, the personal firewall waits for a re- 
sponse (step 504), and if no response is received (preferably within a prede- 
termined period of time), the location determined on the basis of the current IP 
address is rejected, and the location is determined to be unknown (step 505). 
In that case, a default location and an associated rule base, such as the rule 
base 302, can be used. 

[0040] However, if the response is received from the network ele- 
ment in the step 504, the personal firewall verifies the identity of the network 
element on the basis of the received identity data, e.g. by comparing the received identity data with identity data stored in the personal firewall (step 506). 
If the verification of the identity is unsuccessful (step 507), the procedure pro- 
ceeds to the step 505 described above. However, if the verification of the 
identity of the network element is successful, also the location of the laptop 
determined on the basis of the current IP address has been successfully veri- 
fied and can be accepted. 

[0041] Additionally, it is possible that one IP address is included in 
more than one selection rule in the personal firewall. In that case, if the verifi- 
cation of the laptop being located in a first network indicated by the current IP 
address fails, it is checked if the laptop is located in a second network indi- 
cated by the current IP address. There are various ways to implement the 
generic location verification procedure described above. The simplest way to 
implement the location verification service is to probe some known (known to 
the personal firewall) element. For example, it is possible to ask the MAC 
address of the known network element located in the home network and 
having a known IP address. The network element returns the MAC address in 
response, and if the MAC address is the one that it is assumed to be (e.g. 
matches with a MAC address stored in the personal firewall), it is verified that 
the laptop is located in the home network. If the MAC address is not the 
correct one, the laptop is determined to be outside the internal network. 
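As an added example (not code from the application), the rule base selection of Figure 4 combined with the verification of Figures 5 and 6 and the fall-through between selection rules of [0041], written in Python. The rule bases follow Figure 3, while the address spaces, the home element's MAC address and the probe answers are constructed; the MAC probe itself is an injected callback so the walk-through runs offline and can model a timeout.

```python
"""Location-dependent rule base selection with location verification (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional

# Constructed rule bases modelled on rule bases 300, 301 and 302 of Figure 3.
RULE_BASES = {
    "home":    {"http", "https", "smtp", "netbeui", "ipx", "netbios"},
    "foreign": {"http", "https", "dns", "smtp", "ipsec"},
    "default": {"http", "https", "dns", "ipsec"},
}


@dataclass
class SelectionRule:
    """One entry of the selection rule list: a network, identified by its
    address space(s), linked to a rule base and an optional verifier."""
    name: str
    networks: List  # ip_network objects making up the address space
    rule_base: str
    # verifier(ip) is True when the predetermined network element of this
    # network answered and identified itself properly (steps 503-507);
    # None means the location is trusted on the IP address alone.
    verifier: Optional[Callable[[str], bool]] = None


@dataclass
class PersonalFirewall:
    selection_rules: List[SelectionRule]
    default_rule_base: str = "default"
    current_ip: Optional[str] = None
    active_rule_base: str = "default"

    def on_ip_address(self, ip: str) -> str:
        """Steps 401-405 of Figure 4; called whenever the OS reports the address."""
        if ip == self.current_ip:           # step 402: unchanged, keep the rule base
            return self.active_rule_base
        self.current_ip = ip
        addr = ip_address(ip)
        # Step 403. Every selection rule containing the address is tried in
        # turn, so an address listed in several rules ([0041]) falls through
        # to the next candidate when verification of the first one fails.
        for rule in self.selection_rules:
            if not any(addr in net for net in rule.networks):
                continue
            if rule.verifier is None or rule.verifier(ip):
                self.active_rule_base = rule.rule_base   # step 405
                return self.active_rule_base
        # Step 404 / step 505: unidentified or unverifiable network, assume hostile.
        self.active_rule_base = self.default_rule_base
        return self.active_rule_base

    def is_allowed(self, protocol: str) -> bool:
        """Rules are exclusive: anything not listed in the active base is denied."""
        return protocol in RULE_BASES[self.active_rule_base]


def mac_verifier(expected_mac: str, probe: Callable[[], Optional[str]]) -> Callable[[str], bool]:
    """[0041]: ask the known home element for its MAC address. Verified only if
    it answers at all (None models a timeout, step 504) and the MAC matches the
    one stored in the personal firewall (step 506)."""
    def verify(_ip: str) -> bool:
        answer = probe()
        return answer is not None and answer.lower() == expected_mac.lower()
    return verify


def run_scenario(probe_answers: List[Optional[str]]) -> List[str]:
    """Constructed walk-through. Home network 10 is assumed to use 10.1.0.0/16
    and a partner's network 192.168.7.0/24. A NAT'd foreign network later hands
    out the same 10.1.5.20 as the home network, so only the MAC probe tells the
    two apart; probe_answers are consumed one per probe, missing ones time out."""
    answers = iter(probe_answers)
    fw = PersonalFirewall([
        SelectionRule("home", [ip_network("10.1.0.0/16")], "home",
                      mac_verifier("00:11:22:33:44:55", lambda: next(answers, None))),
        SelectionRule("partner", [ip_network("192.168.7.0/24")], "foreign"),
    ])
    return [fw.on_ip_address(ip) for ip in (
        "10.1.5.20",     # at home, probe answers the expected MAC -> home
        "10.1.5.20",     # address unchanged, no new probe -> home
        "192.168.7.9",   # partner network, no verifier -> foreign
        "10.1.5.20",     # same address behind a foreign NAT, wrong MAC -> default
        "203.0.113.5",   # network not on the selection rule list -> default
    )]


if __name__ == "__main__":
    print(run_scenario(["00:11:22:33:44:55", "de:ad:be:ef:00:01"]))
```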

[0042] One possible implementation is that the location verification 
service is implemented in such network element in an internal network which 
can be reached only from inside the internal network. For example, the firewall 
protecting the internal network, such as firewall 5 in Figure 1, may be configured to discard all connections from outside the internal network to this network element. If the personal firewall is able to reach this specific network element, it is verified that the personal firewall resides inside the internal network. Otherwise the personal firewall resides outside the internal network. 
There may be a plurality of such location verification services in a plurality of 
internal networks or sub-networks, and if the personal firewall cannot reach 
any of them, then it is assumed to be outside this plurality of internal networks 
or sub-networks. 

[0043] The location verification service may be incorporated into the 
network firewall, such as the location verification service 50 in the firewall 5 in 
Figure 1. For example, only verification requests arriving from the direction of the inter- 
nal network (such as home network 10) may be answered by the location 
verification service 50. This implementation is rather straightforward, since 
present firewalls are readily capable of detecting from which direction, that is, 
on which interface, a data packet arrived. 

[0044] In any case it is preferred that the personal firewall commu- 
nicates with the location verification service by using some cryptographically 
strong method, such as public key encryption. For example SSL can be used. 
The certainty of the location verification can be further improved by setting the 
TTL (time-to-live) field in the location verification request to a relatively low 
value, so that the request is capable of reaching only a nearby location veri- 
fication service. The TTL value is decremented each time the verification re- 
quest passes through a router connecting different networks or network seg- 
ments. If the TTL value is set to, for example, a zero value the verification re- 
quest is not able to pass through a router to a different network or a network 
segment. 
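An added example (not the patent's code) of the mechanics in paragraphs [0042] to [0044]: a probe socket whose IP TTL is lowered so the verification request cannot be forwarded across a router, the service-side rule that answers only requests that arrived on an internal interface, and the client loop that tries a plurality of verification services and treats the laptop as outside all of them when none answers. Interface names and service addresses are constructed; reachability is injected as a function so the block runs offline (the real exchange would be carried over SSL/TLS as the text recommends).

```python
import socket

# Constructed: the interface(s) on which the network firewall faces the internal network.
INTERNAL_INTERFACES = {"eth1"}


def make_probe_socket(ttl=1):
    """UDP socket for the location verification request with a low IP TTL.
    A request sent with TTL 1 is decremented to 0 by the first router and
    dropped there, so it can only reach a service on the local segment.
    (Linux rejects a TTL of 0 in setsockopt, so 1 is the lowest usable value.)"""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    return sock


def probe_ttl(sock):
    """Read back the TTL configured on a probe socket."""
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)


def service_should_respond(ingress_interface, internal_interfaces=INTERNAL_INTERFACES):
    """Service side (e.g. in firewall 5): answer a verification request only
    if it came in on an internal-network interface; silently ignore the rest."""
    return ingress_interface in internal_interfaces


def determine_location(services, reachable):
    """Client side: services is a list of (network_name, service_address);
    reachable(address) -> bool stands in for sending the TTL-limited, TLS
    protected request. Returns the first network whose service answered,
    or None when the laptop is outside every listed internal network."""
    for network_name, address in services:
        if reachable(address):
            return network_name
    return None
```

Note that the direction check and the TTL limit complement each other: the interface filter stops a spoofed request from the outside from being answered at all, while the low TTL stops the personal firewall's own request from wandering into a foreign network that happens to reuse the same addresses.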

[0045] The use of additional location verification makes it even pos- 
sible to automatically create a VPN tunnel to the home network even if the cur- 
rent location (a foreign network) is using the same IP address as in the internal 
network. 

[0046] All the embodiments described above are effective both in 
standalone computers and in centrally managed computers. The central man- 
agement of personal firewalls enables a uniform protection level in all com- 
puter devices using the private network. One feature of the central mana- 
gement is that preferably all of the personal firewalls have essentially similar 
security rules. It should also be possible to update these. It is preferable that 
rule updates are applied in the personal firewalls as soon as possible after 
they have been made in the central management. Because it is not sufficient 
to rely on the manual updating by the user, the process of updating the rules 
must be automated. However, distribution of the updated rules by a push 
transmission from the central management is not a sufficient option in a case 
where the personal firewalls can move from one network to another. There- 
fore, according to an aspect of the invention, the personal firewalls are ar- 
ranged to periodically query the availability of updated rules from the central 
management. An updating procedure according to one embodiment of the in- 
vention is described with reference to Figures 7 and 8. 

[0047] Firstly, a personal firewall measures a predetermined up- 
dating period, which can be any period of time, preferably one day or a few 
days (step 701). In step 702, the personal firewall checks whether the updat- 
ing period has expired, and if not, the procedure returns to the step 701. When 
the updating period has expired, the personal firewall checks whether the cur- 
rent location of the laptop is in the home network (step 703) or in another sub- 
network of the same company. The location determination is preferably based 
on the methods described above. If the current location is in the home net- 
work, the process proceeds directly to the step 705. However, if the current lo- 
cation is not in the home network, the personal firewall waits for the laptop to 
return to or establish a connection (e.g. VPN) to the home network (step 704), 
before proceeding to the step 705. In the step 705, the personal firewall sends 
a rule update query to the central management, such as the personal firewall 
management server 8 in Figure 1. Referring now to Figure 8, the personal 
firewall management 8 receives the rule update query from the personal 
firewall (step 801) and sends updated rules, if there are any, to the personal 
firewall (step 802). Referring again to Figure 7, the personal firewall checks 
whether the reply received from the personal firewall management 8 contains 
rule updates (step 706), and if not, the process returns to the step 701 to 
measure the next updating period. However, if rule updates have been re- 
ceived, the personal firewall updates the relevant rule bases stored in the lap- 
top (step 707). 
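The update loop of Figure 7, written out as an added example that is not the patent's own code. The clock, the location check (steps 703/704) and the central management of Figure 8 are injected functions so the procedure can be driven deterministically; the step numbers recorded in `trace` are those of the text, and the sample rule content is constructed.

```python
class RuleUpdater:
    """Client side of the periodic rule update procedure (Figure 7)."""

    def __init__(self, period, clock, in_home_network, query_management):
        self.period = period                      # updating period, seconds
        self.clock = clock                        # () -> current time
        self.in_home_network = in_home_network    # () -> bool, from location checks
        self.query_management = query_management  # () -> dict of updated rules (may be empty)
        self.rules = {}                           # local rule base
        self.period_start = clock()               # step 701: start measuring
        self.trace = []                           # last step reached on each pass

    def tick(self):
        """One pass through the loop. Returns True when rules were updated."""
        # Step 702: has the updating period expired? If not, keep measuring.
        if self.clock() - self.period_start < self.period:
            self.trace.append(702)
            return False
        # Steps 703/704: outside the home network (and no VPN) -> wait and retry later.
        if not self.in_home_network():
            self.trace.append(704)
            return False
        # Step 705: query the central management (Figure 8, steps 801/802 on its side).
        self.trace.append(705)
        updates = self.query_management()
        self.period_start = self.clock()          # back to step 701 for the next period
        # Step 706: nothing new in the reply.
        if not updates:
            self.trace.append(706)
            return False
        # Step 707: apply the received updates to the local rule base.
        self.rules.update(updates)
        self.trace.append(707)
        return True
```

Because the laptop pulls rather than waits for a push, a machine that has been away for weeks picks up every intervening change on its first query from inside the home network; only the most recent rule set needs to exist on the management side.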

[0048] It is also preferable that the logs relating to the communica- 
tion transactions of the laptop are handled in a central location. Since the lap- 
tops are frequently disconnected from the home network, logs must be col- 
lected locally. In order to enable central handling, the logs must be transferred 
to a central log server, such as the personal firewall management 8, when 
such is available. This should take place automatically when the computer de- 
vice provided with a personal firewall is connected to the home network. Fig- 
ure 9 illustrates log handling according to one embodiment of the invention. 

[0049] Firstly, the personal firewall creates a log file each time the 
laptop is involved with a communication transaction, such as an Internet ses- 
sion (step 91). Then the personal firewall determines the current location of 
the laptop, preferably based on the location determining methods described 
above (steps 92 and 93). If the location of the laptop is in the home network or 
in another subnetwork of the same company, the personal firewall sends the 
log file to the central log server 8 immediately (step 94). However, if the cur- 
rent location of the laptop is not in the home network, the process proceeds to 
the step 95, where the log file is stored locally. In this way, a number of log files 
are collected locally while the laptop is disconnected from the home network. 
When the personal firewall next time detects that the computer device is relo- 
cated in the home network, it sends the collected log files to the central log 
server 8. Optionally, the personal firewall may also send the collected log files 
to the personal firewall management 8 when the laptop has established a (e.g. 
VPN) connection to the home network. 
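An added example (not the patent's code) of the log handling of Figure 9 in paragraph [0049]: each transaction's log is sent to the central server at once when the laptop is in the home network (steps 92 to 94), otherwise it is stored locally (step 95), and the stored files are forwarded in order when the personal firewall next detects the home network or a VPN connection to it. The location check and the transfer to the server are injected functions; the log entries in the test are constructed.

```python
class LogSpooler:
    """Per-laptop log store with automatic forwarding to the central log server."""

    def __init__(self, in_home_network, send_to_server):
        self.in_home_network = in_home_network  # () -> bool (home network or VPN up)
        self.send_to_server = send_to_server    # (entry) -> None, e.g. to server 8
        self.local_store = []                   # step 95: logs kept while away

    def record(self, log_entry):
        """Step 91: a new log file for a communication transaction.
        Returns 'sent' or 'stored' for inspection."""
        if self.in_home_network():              # steps 92/93
            self.send_to_server(log_entry)      # step 94
            return "sent"
        self.local_store.append(log_entry)      # step 95
        return "stored"

    def on_location_change(self):
        """Call when the personal firewall detects relocation to the home network
        (or a VPN to it). Returns the number of stored logs forwarded."""
        if not self.in_home_network():
            return 0
        return self.flush()

    def flush(self):
        """Forward stored logs oldest first so the server sees them in order."""
        forwarded = 0
        while self.local_store:
            self.send_to_server(self.local_store.pop(0))
            forwarded += 1
        return forwarded
```

In a real deployment the spool should also survive a reboot (write entries to disk, not just a list) and the forwarding should run over the same authenticated channel as the rule update query, since the central copy is the one investigators will rely on.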

[0050] It is apparent for those skilled in the art that the illustrative 
embodiments described are only examples and that various modifications can 
be made within the scope and spirit of the invention as defined in the ap- 
pended claims. 